CVE-2014-3477

Ubuntu Security Notice USN-2275-1

Severity Score

4.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

El demonio dbus en D-Bus 1.2.x hasta 1.4.x, 1.6.x anterior a 1.6.20, y 1.8.x anterior a 1.8.4, envía un error AccessDenied al servicio en lugar de al cliente cuando el cliente tiene prohibido el acceso al servicio, lo que permite a usuarios locales causar una denegación de servicio (fallo de inicialización y salida) o posiblemente realizar un ataque de canal lateral a través de un mensaje D-Bus a un servicio inactivo.

Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local user can use this issue to possibly deny access to the service. Alban Crequy discovered that dbus-daemon incorrectly handled certain file descriptors. A local attacker could use this issue to cause services or clients to disconnect, resulting in a denial of service. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2014-07-01 CVE Published
2025-01-16 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
http://advisories.mageia.org/MGASA-2014-0266.html	X_refsource_confirm
http://secunia.com/advisories/59428	Third Party Advisory
http://secunia.com/advisories/59611	Third Party Advisory
http://secunia.com/advisories/59798	Third Party Advisory
http://www.securityfocus.com/bid/67986	Vdb Entry
https://bugs.freedesktop.org/show_bug.cgi?id=78979	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567	2023-12-27
http://seclists.org/oss-sec/2014/q2/509	2023-12-27

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html	2023-12-27
http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html	2023-12-27
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html	2023-12-27
http://www.debian.org/security/2014/dsa-2971	2023-12-27
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176	2023-12-27

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
D-bus Project Search vendor "D-bus Project"		D-bus Search vendor "D-bus Project" for product "D-bus"				1.2.4.2 Search vendor "D-bus Project" for product "D-bus" and version "1.2.4.2"		-		Affected
D-bus Project Search vendor "D-bus Project"		D-bus Search vendor "D-bus Project" for product "D-bus"				1.2.4.4 Search vendor "D-bus Project" for product "D-bus" and version "1.2.4.4"		-		Affected
D-bus Project Search vendor "D-bus Project"		D-bus Search vendor "D-bus Project" for product "D-bus"				1.2.4.6 Search vendor "D-bus Project" for product "D-bus" and version "1.2.4.6"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.1 Search vendor "Freedesktop" for product "Dbus" and version "1.2.1"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.3 Search vendor "Freedesktop" for product "Dbus" and version "1.2.3"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.4 Search vendor "Freedesktop" for product "Dbus" and version "1.2.4"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.6 Search vendor "Freedesktop" for product "Dbus" and version "1.2.6"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.8 Search vendor "Freedesktop" for product "Dbus" and version "1.2.8"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.10 Search vendor "Freedesktop" for product "Dbus" and version "1.2.10"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.12 Search vendor "Freedesktop" for product "Dbus" and version "1.2.12"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.14 Search vendor "Freedesktop" for product "Dbus" and version "1.2.14"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.16 Search vendor "Freedesktop" for product "Dbus" and version "1.2.16"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.18 Search vendor "Freedesktop" for product "Dbus" and version "1.2.18"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.20 Search vendor "Freedesktop" for product "Dbus" and version "1.2.20"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.22 Search vendor "Freedesktop" for product "Dbus" and version "1.2.22"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.24 Search vendor "Freedesktop" for product "Dbus" and version "1.2.24"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.26 Search vendor "Freedesktop" for product "Dbus" and version "1.2.26"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.28 Search vendor "Freedesktop" for product "Dbus" and version "1.2.28"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.30 Search vendor "Freedesktop" for product "Dbus" and version "1.2.30"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.3.0 Search vendor "Freedesktop" for product "Dbus" and version "1.3.0"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.3.1 Search vendor "Freedesktop" for product "Dbus" and version "1.3.1"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.0 Search vendor "Freedesktop" for product "Dbus" and version "1.4.0"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.1 Search vendor "Freedesktop" for product "Dbus" and version "1.4.1"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.4 Search vendor "Freedesktop" for product "Dbus" and version "1.4.4"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.6 Search vendor "Freedesktop" for product "Dbus" and version "1.4.6"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.8 Search vendor "Freedesktop" for product "Dbus" and version "1.4.8"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.10 Search vendor "Freedesktop" for product "Dbus" and version "1.4.10"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.12 Search vendor "Freedesktop" for product "Dbus" and version "1.4.12"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.14 Search vendor "Freedesktop" for product "Dbus" and version "1.4.14"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.16 Search vendor "Freedesktop" for product "Dbus" and version "1.4.16"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.18 Search vendor "Freedesktop" for product "Dbus" and version "1.4.18"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.20 Search vendor "Freedesktop" for product "Dbus" and version "1.4.20"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.22 Search vendor "Freedesktop" for product "Dbus" and version "1.4.22"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.24 Search vendor "Freedesktop" for product "Dbus" and version "1.4.24"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.26 Search vendor "Freedesktop" for product "Dbus" and version "1.4.26"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.0 Search vendor "Freedesktop" for product "Dbus" and version "1.6.0"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.2 Search vendor "Freedesktop" for product "Dbus" and version "1.6.2"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.4 Search vendor "Freedesktop" for product "Dbus" and version "1.6.4"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.6 Search vendor "Freedesktop" for product "Dbus" and version "1.6.6"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.8 Search vendor "Freedesktop" for product "Dbus" and version "1.6.8"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.10 Search vendor "Freedesktop" for product "Dbus" and version "1.6.10"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.12 Search vendor "Freedesktop" for product "Dbus" and version "1.6.12"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.14 Search vendor "Freedesktop" for product "Dbus" and version "1.6.14"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.16 Search vendor "Freedesktop" for product "Dbus" and version "1.6.16"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.18 Search vendor "Freedesktop" for product "Dbus" and version "1.6.18"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.8.0 Search vendor "Freedesktop" for product "Dbus" and version "1.8.0"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.8.2 Search vendor "Freedesktop" for product "Dbus" and version "1.8.2"		-		Affected